Confirming physical possession of plastic NFC cards with a mobile digital wallet application

ABSTRACT

A user accesses a merchant system website via a user computing device, selects items for purchase, and selects an option to check out using a digital wallet account. The user selects payment information associated with a payment card device for use in an online transaction. The merchant system transmits an unpredictable number to the user computing device. The user taps the payment card device to the user computing device to establish a wireless communication channel over which the payment card device receives the unpredictable number. The payment card device transmits payment card information and a check sum, calculated by the payment card device from the unpredictable number and a shared secret, to the merchant system via the user computing device. The merchant system transmits the check sum and payment card information in a transaction authorization request to the issuer system, which verifies the check sum using the shared secret and the unpredictable number.

TECHNICAL FIELD

The present disclosure relates to improving the security of online transactions between a merchant system and a user computing device.

BACKGROUND

When users make “in-app” online purchases using a credit card via an application operating on a user computing device, a merchant system associated with the application is charged a “card-not-present” rate because the physical credit card is not presented to the merchant system. Similarly, purchases initiated via a user computing device with a web site are charged card-not-present rates. In addition to incurring higher costs, card-not-present transactions are associated with greater fraud rates than card-present transactions. A user computing device comprising a digital wallet application in which a first user's financial account information is stored may be stolen by a second user. The second user may attempt an online transaction using the first user's financial account stored on the digital wallet of the first user's user computing device. Additionally, a second user may copy a first user's financial account information and attempt to conduct a transaction using the second user's own user computing device by manually entering the first user's stolen financial account information into a merchant system website.

Payment card issuers may desire to verify that a payment card device is in the physical possession of the account holder at the time of an online transaction involving the payment card data. Some verification procedures require that a user log in to a web site of the payment card issuer and enter a code that the user received with the payment card. However, such a process may be cumbersome and deter users from initiating or completing a transaction with the payment card information.

SUMMARY

Techniques herein provide computer-implemented methods to verify user possession of a payment card device during an online transaction. In an example embodiment, an issuer system manufactures a payment card comprising a shared secret for distribution to a user. The user establishes a digital wallet account with an account management system and adds payment information associated with the payment card device. The user accesses a merchant system website via a user computing device, selects one or more items for purchase, and selects an option to check out using the digital wallet account on the merchant system website. The user selects, from a digital wallet application operating on the user computing device, the payment information associated with the payment card device for use in an online transaction with the merchant system. The merchant system generates an unpredictable number for the payment card device and communicates the unpredictable number to the user computing device. The user taps the payment card device to the user computing device to establish a wireless communication channel. The user computing device transmits the unpredictable number to the payment card device via the wireless communication channel. An application resident on the payment card calculates a cryptographic check sum based on the unpredictable number and the shared secret and communicates the check sum and payment card information to the user computing device, which communicates the check sum, payment card information, and a user computing device identifier to the merchant system via the account management system. The merchant system transmits the check sum and the payment card information to the issuer system in a transaction authorization request. The issuer system verifies the check sum using the shared secret and the unpredictable number associated with the payment card information. The issuer system approves the transaction authorization request and notifies the merchant system of the approval of the transaction authorization request. The merchant system transmits a receipt to the user computing device to display to the user.

In certain other example aspects described herein, systems and computer program products to verify user possession of a payment card device during an online transaction are provided.

These and other aspects, objects, features, and advantages of the example embodiments will become apparent to those having ordinary skill in the art upon consideration of the following detailed description of illustrated example embodiments.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram depicting a system for verifying user possession of a payment card device during an online transaction, in accordance with certain example embodiments.

FIG. 2 is a block flow diagram depicting a method for generating a payment card device comprising a shared secret known to an issuer system, in accordance with certain example embodiments.

FIG. 3 is a block flow diagram depicting a method for verifying user possession of a payment card device during an online transaction, in accordance with certain example embodiments.

FIG. 4 is a block flow diagram depicting a method for establishing a digital wallet account with an account management system, in accordance with certain example embodiments.

FIG. 5 is a block flow diagram depicting a method for accessing a merchant website and initiating an online transaction, in accordance with certain example embodiments.

FIG. 6 is a block flow diagram depicting a method for receiving an unpredictable number generated by a merchant system on a payment card device, in accordance with certain example embodiments.

FIG. 7 is a block flow diagram depicting a method for verifying a payment card device via a cryptographic checksum, in accordance with certain example embodiments.

FIG. 8 is a block diagram depicting a computing machine and module, in accordance with certain example embodiments.

DETAILED DESCRIPTION OF EXAMPLE EMBODIMENTS

Overview

The example embodiments described herein provide computer-implemented techniques for verifying user possession of a payment card device during an online transaction.

In an example embodiment, an issuer system manufactures, or causes to be manufactured, a payment card comprising a shared secret stored in the payment card for distribution to a user. The user establishes a digital wallet account with an account management system and adds payment information associated with the payment card device to the user's 101 digital wallet account. The user accesses a merchant system website via a user computing device, selects one or more items for purchase, and selects an option to check out using the digital wallet account on the merchant system website. The user selects, from a digital wallet application operating on the user computing device, the payment information associated with the payment card device for use in an online transaction with the merchant system. The merchant system generates an unpredictable number for the payment card device and communicates the unpredictable number to the user computing device. The user taps the payment card device to the user computing device to establish a wireless communication channel between the payment card device and the user computing device. The user computing device transmits the unpredictable number to the payment card device. An application resident on the payment card calculates a cryptographic check sum based on the unpredictable number and the shared secret and communicates the check sum and payment card information to the user computing device, which communicates the check sum and payment card information to the merchant system via the account management system. The merchant system transmits the check sum and the payment card information to the issuer system in a transaction authorization request. The issuer system verifies the check sum using the shared secret and the unpredictable number associated with the payment card information. The issuer system approves the transaction authorization request and notifies the merchant system of the approval of the transaction authorization request. The merchant system transmits a receipt to the user computing device to display to the user.

In an example embodiment, the issuer system receives a request to generate a payment card for a user. In an example, the user applies for a credit card with the issuer system or an acquirer system associated with the issuer system. The issuer system generates financial account information and a payment card is manufactured. For example, the issuer system creates a user account associated with the user applying for the payment card and creates an account number associated with the user account. In another example embodiment, the issuer system retrieves financial account information associated with the user and manufactures a payment card for the user. For example, the user lost a payment card and requests a replacement payment card from the issuer system.

In the example embodiments described herein, the issuer system generates a shared secret and stores the shared secret on the payment card device or otherwise arranges for the shared secret to be stored on the payment card device. An example payment card device comprises a plastic payment card comprising an application capable of communicating with a user computing device via a wireless communication channel, for example, a near field communication (“NFC”) channel, a Bluetooth communication channel, or a Wi-Fi communication channel. In an example embodiment, the example payment card device comprises a secure memory or a secure element that stores the payment card information associated with the user account. The user receives the payment card device. For example, the issuer system mails the payment card device to an address provided by the user in the user's application for a payment card.

In an example embodiment, the user establishes a digital wallet account with an account management system. For example, the user accesses a website, via a user computing device, associated with the account management system and establishes the digital wallet account. The user downloads a digital wallet application onto the user computing device. In the example embodiments described herein, the digital wallet application resident on the user computing device communicates with the account management system via a network. The user may use the digital wallet account and/or digital wallet application resident on the user computing device to store payment information associated with one or more payment card devices. In an example embodiment, the user adds payment information associated with the payment card device to the digital wallet account via the digital wallet application.

In an example embodiment, the user conducts an online transaction with a merchant system using the digital wallet account. For example, the user accesses a merchant system website using the user computing device, selects one or more items for purchase, and selects an option to check out using the user's digital wallet account. The digital wallet application displays a request for the user to select payment card information and the user selects the payment card information associated with the payment card device and initiates a transaction. In an example embodiment, the account management system requests the merchant system to generate an unpredictable number. In an example embodiment, the merchant system generates the unpredictable number and transmits the unpredictable number to the account management system, which transmits the unpredictable number to the user computing device. The digital wallet application operating on the user computing device displays an instruction to the user to tap the payment card device to the user computing device. In an example embodiment, the user taps the payment card device to the user computing device and a near field communication (“NFC”) channel is established between the payment card device and the user computing device. For example, a controller resident on the user computing device may instruct an antenna resident on the user computing device to output a radio signal or listen for radio signals. In this example, a controller on the payment card device may instruct an antenna resident on the payment card device to output radio signals or listen for radio signals. Either the user computing device or the payment card device detects the proximity of the other device and the two devices establish an NFC communication channel over which data may be communicated between the two devices. In another example embodiment, another type of communication channel is established, such as a Bluetooth communication channel or a Wi-Fi communication channel.

In an example embodiment, the digital wallet application resident on the user computing device transmits the unpredictable number to the payment card device via the wireless communication channel maintained between the user computing device and the payment card device. In an example embodiment, the payment card device receives the unpredictable number and calculates a cryptographic check sum based on the unpredictable number and the shared secret. In an example, the payment card device application retrieves the shared secret from a secure memory or secure element resident on the payment card device. The payment card device transmits the cryptographic check sum to the user computing device via the wireless communication channel. The account management system receives the cryptographic check sum from the user computing device and transmits the check sum to the merchant system along with payment card information.

In an example embodiment, the merchant system generates a transaction authorization request comprising payment information associated with the payment card, the received cryptographic checksum, and the unpredictable number. The issuer system receives the check sum, the payment card information, and the unpredictable number. The issuer system calculates the cryptographic check sum associated with the payment card information using the shared secret and unpredictable number. For example, the issuer system may comprise a database wherein payment card information associated with a payment card device is stored and associated with corresponding shared secrets. In this example, when the issuer system receives the payment card information from the user computing device, the issuer system retrieves the corresponding shared secret. In an example embodiment, the issuer system compares the calculated cryptographic check sum to the cryptographic check sum received from the merchant system in the transaction authorization request.

In an example embodiment, the issuer system approves the transaction authorization request if the check sum calculated by the issuer system matches the check sum generated by the payment card device and received from the merchant system. In another example embodiment, the issuer system declines the transaction authorization request if the check sum calculated by the issuer system is different from the check sum generated by the payment card device and received from the merchant system. In yet another example embodiment, the check sum calculated by the issuer system and the check sum received from the merchant system match, but the issuer system declines the transaction authorization request for other reasons. For example, the user may have already exceeded his credit limit associated with the payment card account or would exceed the credit limit if the transaction were approved by the issuer system. In an example embodiment, the issuer system transmits a notice of approved or declined transaction authorization request to the merchant system. In an example embodiment, the merchant system transmits a receipt to the user computing device.
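
The following Python example is added here and is not part of the disclosure. It walks the check sum exchange of the preceding paragraphs between the payment card device, the merchant system and the issuer system, with the account management system relay collapsed into direct calls. The use of HMAC-SHA256 as the check sum, the single-use tracking of unpredictable numbers at the merchant, the test account number, and all class and function names are assumptions.

```python
import hashlib
import hmac
import secrets


# Assumption: the disclosure names no algorithm for the "cryptographic
# check sum"; HMAC-SHA256 keyed with the shared secret stands in for it.
def check_sum(shared_secret: bytes, pan: str, unpredictable_number: bytes) -> bytes:
    # Length-prefix the account number so the two fields cannot run together.
    pan_bytes = pan.encode("ascii")
    message = len(pan_bytes).to_bytes(1, "big") + pan_bytes + unpredictable_number
    return hmac.new(shared_secret, message, hashlib.sha256).digest()


class PaymentCardDevice:
    """Card-side application: the shared secret never leaves the card."""

    def __init__(self, pan: str, shared_secret: bytes):
        self.pan = pan
        self._shared_secret = shared_secret

    def tap(self, unpredictable_number: bytes):
        # Returns payment card information plus the check sum over the number.
        return self.pan, check_sum(self._shared_secret, self.pan, unpredictable_number)


class IssuerSystem:
    def __init__(self):
        self._secrets_by_pan = {}  # payment card information -> shared secret

    def manufacture_card(self, pan: str) -> PaymentCardDevice:
        secret = secrets.token_bytes(32)
        self._secrets_by_pan[pan] = secret
        return PaymentCardDevice(pan, secret)

    def authorize(self, request: dict) -> bool:
        secret = self._secrets_by_pan.get(request["pan"])
        if secret is None:
            return False  # unknown card: decline
        expected = check_sum(secret, request["pan"], request["unpredictable_number"])
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(expected, request["check_sum"])


class MerchantSystem:
    def __init__(self):
        self._outstanding = set()  # numbers issued and not yet used

    def new_unpredictable_number(self) -> bytes:
        number = secrets.token_bytes(16)  # drawn from the OS CSPRNG
        self._outstanding.add(number)
        return number

    def build_authorization_request(self, pan, card_check_sum, number):
        # Assumption: each number is accepted once, so a captured
        # (check sum, number) pair cannot be submitted a second time.
        if number not in self._outstanding:
            return None
        self._outstanding.discard(number)
        return {"pan": pan, "check_sum": card_check_sum,
                "unpredictable_number": number}


def checkout(merchant: MerchantSystem, issuer: IssuerSystem,
             card: PaymentCardDevice) -> bool:
    number = merchant.new_unpredictable_number()
    pan, card_check_sum = card.tap(number)
    request = merchant.build_authorization_request(pan, card_check_sum, number)
    return request is not None and issuer.authorize(request)


if __name__ == "__main__":
    issuer, merchant = IssuerSystem(), MerchantSystem()
    card = issuer.manufacture_card("4111111111111111")  # constructed test number
    print("card present:", checkout(merchant, issuer, card))
```

A card object built from the account number alone, without the issuer's shared secret, fails `authorize`, which is the possession property the check sum is meant to provide.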

By using and relying on the methods and systems described herein, the issuer system, account management system, merchant system, and user computing device enable the issuer system to verify user possession of the payment card device without the user having to undergo separate communication with the issuer system, as required in some current technology. For example, by issuing the payment card device comprising the shared secret to the user and conducting a verification of the checksum, the issuer system is able to verify user possession of the payment card device. For example, the methods and systems described herein do not require the user to access a web site of the issuer system and enter a password or otherwise communicate a verification value communicated out of band to the user from the issuer system. As such, the systems and methods described herein may reduce the inputs required by the user via the user computing device and the processing required by the issuer system to verify user possession of the payment card device. Additionally, by verifying user possession of the payment card device during an online transaction, the transaction may receive “card present” transaction rates, which are less than “card not present” transaction rates, which would provide economic savings to the user.

Example System Architecture

Turning now to the drawings, in which like numerals indicate like (but not necessarily identical) elements throughout the figures, example embodiments are described in detail.

FIG. 1 is a block diagram depicting a system 100 for verifying user possession of a payment card device during an online transaction, in accordance with certain example embodiments. As depicted in FIG. 1, the system 100 includes network computing devices 110, 120, 130, 140, 150, and 160 that are configured to communicate with one another via one or more networks 170. In some embodiments, a user associated with a device must install an application and/or make a feature selection to obtain the benefits of the techniques described herein.

In example embodiments, the network 170 can include a local area network (“LAN”), a wide area network (“WAN”), an intranet, an Internet, storage area network (“SAN”), personal area network (“PAN”), a metropolitan area network (“MAN”), a wireless local area network (“WLAN”), a virtual private network (“VPN”), a cellular or other mobile communication network, Bluetooth, Bluetooth low energy, NFC, or any combination thereof or any other appropriate architecture or system that facilitates the communication of signals, data, and/or messages. Throughout the discussion of example embodiments, it should be understood that the terms “data” and “information” are used interchangeably herein to refer to text, images, audio, video, or any other form of information that can exist in a computer-based environment.

Each network computing device 110, 120, 130, 140, 150, and 160 includes a device having a communication module capable of transmitting and receiving data over the network 170. For example, each network computing device 110, 120, 130, 140, 150, and 160 can include a server, desktop computer, laptop computer, tablet computer, a television with one or more processors embedded therein and/or coupled thereto, smart phone, handheld computer, personal digital assistant (“PDA”), or any other wired or wireless, processor-driven device. In the example embodiment depicted in FIG. 1, the network computing devices 110, 120, 130, 140, 150, and 160 are operated by users 101, users 101, account management system operators, acquirer system operators, issuer system operators, and merchant system operators, respectively.

An example user computing device 110 comprises an antenna 111, an NFC controller 112, a data storage unit 113, a secure element 114, a digital wallet application 115, a user interface 116, a web browser 117, and a communication application.

In an example embodiment, the antenna 111 is a means of communication between the user computing device 110 and a payment card device 120. In an example embodiment, an NFC controller 112 outputs through the antenna 111 a radio signal, or listens for radio signals from the payment card device 120. In another example embodiment a Bluetooth controller or a Wi-Fi controller is used. In an example embodiment, the NFC controller 112 outputs through the antenna 111 a radio signal, or listens for radio signals from the payment card device 120.

In an example embodiment, the NFC controller 112 is capable of sending and receiving data, performing authentication and ciphering functions, and directing how the user computing device 110 will listen for transmissions from the payment card device 120 or configuring the user computing device 110 into various power-save modes according to NFC-specified procedures. In another example embodiment, the user computing device 110 comprises a Bluetooth controller or a Wi-Fi controller capable of performing similar functions. An example NFC controller 112 communicates with the digital wallet application 115 and is capable of sending and receiving data over a wireless, NFC communication channel. In another example embodiment, a Bluetooth controller 112 or Wi-Fi controller 112 performs similar functions as the NFC controller 112 using Bluetooth or Wi-Fi protocols. In an example embodiment, the NFC controller 112 activates the antenna 111 to create a wireless communication channel between the user computing device 110 and the payment card device 120. The user computing device 110 communicates with the payment card device 120 via the antenna 111. In an example embodiment, when the user computing device 110 has been activated, the NFC controller 112 polls through the antenna 111 a radio signal, or listens for radio signals from the payment card device 120.

In an example embodiment, the data storage unit 113 comprises a local or remote data storage structure accessible to the user computing device 110 suitable for storing information. In an example embodiment, the data storage unit 113 stores encrypted information, such as HTML5 local storage. In an example embodiment, the data storage unit 113 resides within a secure element 114.

In an example embodiment, the secure element 114 exists within a removable smart chip or secure digital (SD) card or may be embedded within a fixed chip on the user computing device 110. In certain example embodiments, Subscriber Identity Module (SIM) cards may be capable of hosting a secure element 114, for example, an NFC SIM Card. The secure element 114 allows a digital wallet application 115 or other application resident on the user computing device 110 to interact securely with certain functions within the secure element 114, while protecting information stored within the secure element 114. In an example embodiment, the secure element 114 comprises components typical of a smart card, such as crypto processors and random generators. In an example embodiment, the secure element 114 comprises a Smart MX type NFC controller in a highly secure system on a chip controlled by a smart card operating system, such as a JavaCard Open Platform (JCOP) operating system. In another example embodiment, the secure element 114 is configured to include a non-EMV type contactless smart card, as an optional implementation. The secure element 114 communicates with the digital wallet application 115 in the user device 110. In an example embodiment, the secure element 114 is capable of storing encrypted user information and only allowing trusted applications to access the stored information. In an example embodiment, an NFC controller 112 interacts with a secure key encrypted application for decryption and installation in the secure element 114.

In an example embodiment, the digital wallet application 115 is a program, function, routine, applet, or similar entity that exists on and performs its operations on the user computing device 110. In certain embodiments, the user 101 must install the digital wallet application 115 and/or make a feature selection on the user computing device 110 to obtain the benefits of the techniques described herein. In an example embodiment, the digital wallet application 115 communicates with the account management system 130, which manages the user's 101 digital wallet account. In an example embodiment, the user 101 may access the user's 101 digital wallet account via the digital wallet application 115. In an example embodiment, the user 101 may select an option, via the digital wallet application 115, to add payment card information to the digital wallet account. In an example embodiment, the digital wallet application 115 establishes a wireless communication channel with the payment card device 120 in response to detecting that the user 101 has tapped the payment card device 120 to the user computing device 110.

In an example embodiment, when the user 101 initiates a digital wallet transaction with the merchant system 160 on the merchant system website 167, the digital wallet application 115 displays a request for the user 101 to select payment information from the user's 101 digital wallet account to use in the transaction. In an example embodiment, in response to receiving a user 101 selection of the payment card device 120 for use in the transaction, the digital wallet application 115 communicates the user 101 selection of the payment card device 120 to the account management system 130.

In certain example embodiments described herein, one or more functions performed by the digital wallet application 115 resident on the user computing device 110 may also be performed by a web browser 117 application associated with the account management system 130 or by the account management system 130. In certain example embodiments described herein, one or more functions performed by the account management system 130 may also be performed by the digital wallet application 115. In certain example embodiments described herein, one or more functions performed by the web browser 117 application associated with the account management system 130 may also be performed by the digital wallet application 115.

In certain example embodiments described herein, the digital wallet application 115 maintains periodic or constant communication with the account management system 130 via the network 170. In certain example embodiments, the digital wallet application 115 is able to send and receive data associated with the user's 101 digital wallet account to and from the account management system 130 when appropriate. For example, the digital wallet application 115 may communicate user 101 interactions with the digital wallet application 115 via the user interface 116 to the account management system 130, such as a user 101 selection of an option to add a payment card device 120 or a user 101 selection of payment card information for use in a transaction with the merchant system 160. In another example, the digital wallet application 115 may receive data associated with the user's 101 digital wallet account from the account management system 130, such as an approval or denial of a transaction authorization request received from the issuer system 150.

In an example embodiment, the user interface 116 may be a touch screen, a voice-based interface or any other interface that allows the user 101 to provide input and receive output from an application or module on the user computing device 110. In an example embodiment, the user interface 116 enables the user 101 to interact with the digital wallet application 115 or a web browser 117 application associated with the account management system 130. For example, the user 101 may actuate one or more objects on the user interface 116 to communicate a selection of an option on the digital wallet application 115 to add payment information to the user's 101 digital wallet account. In another example, the user 101 may actuate one or more objects on the user interface 116 to communicate a selection of payment card data for use in a transaction to the digital wallet application 115. In an example embodiment, the user interface 116 enables the user 101 to interact with a merchant system website 167 via the web browser 117. For example, the user 101 may actuate one or more objects on the user interface 116 to communicate a selection of an option to add one or more items to a virtual shopping cart, check out, and/or select an option to conduct a digital wallet transaction on the merchant website 167.

In an example embodiment, the user 101 can use a communication application 118, such as a web browser 117 application or a stand-alone application, to view, download, upload, or otherwise access documents or web pages via a distributed network 170.

In an example embodiment, the web browser 117 can enable the user 101 to interact with web pages using the user computing device 110. In an example embodiment, the user 101 may access the user's 101 digital wallet account maintained by the account management system 130 via the web browser 117. In another example embodiment, the user 101 may access the merchant system website 167 via the web browser 117. In certain example embodiments described herein, one or more functions performed by the digital wallet application 115 may also be performed by a web browser 117 application associated with the account management system 130.

In an example embodiment, the communication application 118 can interact with web servers or other computing devices connected to the network 170, including the user computing device 110 and a web server 168 of a merchant system 160.

An example payment card device 120 comprises an antenna 121, an NFC controller 122, a data storage unit 123, a secure element 124, and an application 125.

In an example embodiment, the issuer system 150 produces the payment card device 120 or otherwise orders the production of the payment card device 120. In an example embodiment, the issuer system 150 generates a shared secret and saves the shared secret on the payment card device 120 or otherwise arranges for the shared secret to be saved on the payment card device 120. In an example embodiment, the payment card device 120 is a standard payment card, such as a credit card or a debit card, which conforms to industry customs and standards. For example, the payment card device 120 may comprise an account number, an expiration date, and other standard information written or otherwise engraved on the front or back of the card in addition to a magnetic stripe comprising payment information. In the example embodiments described herein, the payment card device 120 is able to establish a wireless communication channel, such as an NFC communication channel, with a user computing device 110 and send and receive data via the wireless communication channel.

An example NFC controller 122 communicates with the application 125 and is capable of sending and receiving data over a wireless, NFC communication channel. In another example embodiment, the controller 122 is a Bluetooth controller or Wi-Fi controller and is capable of sending and receiving data over the corresponding wireless communication channel. In an example embodiment, the NFC controller 122 activates the antenna 121 to create the wireless communication channel. The payment card device 120 communicates with the user computing device 110 via the antenna 121. In an example embodiment, when the payment card device 120 has been activated, the NFC controller 122 polls through the antenna 121 a radio signal, or listens for radio signals from the user computing device 110.

An example data storage unit 123 comprises a local or remote data storage structure accessible to the payment card device 120 suitable for storing information. In an example embodiment, the data storage unit 123 stores encrypted information, such as HTML5 local storage. In an example embodiment, the data storage unit 123 resides within a secure element 124. In an example embodiment, the data storage unit 123 stores payment card information associated with a user's 101 financial account with the issuer system 150. In an example embodiment, the data storage unit 123 stores a shared secret generated by the issuer system 150.

An example secure element 124 is capable of storing encrypted user information and only allowing trusted applications to access the stored information. In an example embodiment, the shared secret generated by the issuer system 150 and/or the payment card information is stored in the secure element 124. In an example embodiment, the secure element 124 comprises a processor that can perform certain functions, such as calculating a checksum based on a stored shared secret and an unpredictable number generated by a merchant system 160. In this example embodiment, the secure element 124 processor executes the application 125 resident on the secure element 124 to calculate a cryptographic checksum or perform other functions described herein as being performed by the application 125.

An example application 125 is a program, function, routine, applet, or similar entity that exists on and performs its operations on the payment card device 120. In certain embodiments, the issuer system 150 must install the application 125 to obtain the benefits of the techniques described herein. In an example embodiment, the application 125 communicates with the NFC controller 122 to activate the antenna 121 and send and/or receive data via the antenna 121 from the user computing device 110. In an example embodiment, the application 125 extracts payment card data stored on the data storage unit 123 and/or secure element 124 in response to receiving a request for payment card information from the user computing device 110 via the wireless NFC communication channel.

An example account management system 130 comprises a data storage unit 133 and a payment processing module 135.

An example data storage unit 133 comprises a local or remote data storage structure accessible to the account management system 130 suitable for storing information. In an example embodiment, the data storage unit 133 stores encrypted information, such as HTML5 local storage. In an example embodiment, the account management system 130 stores data in data storage unit 133 associated with the user's 101 digital wallet account.

An example payment processing module 135 communicates with the user computing device 110 and the issuer system 150. In an example embodiment, the payment processing module 135 transmits a request for an unpredictable number to the merchant system 160, receives an unpredictable number from the merchant system 160, and transmits the unpredictable number to the user computing device 110. In an example embodiment, the payment processing module 135 generates a transaction authorization request associated with a user 101 initiated online transaction with the merchant system 160. In an example embodiment, the payment processing module 135 transmits the transaction authorization request to the issuer system 150 and receives an approval or denial of the transaction authorization request from the issuer system 150. In an example embodiment, the payment processing module 135 generates a receipt based on the received approval or denial of the transaction authorization request. In another example embodiment, the payment processing module 135 transmits a check sum generated by the payment card device 120 and payment account information associated with the payment card device to the merchant system 160, which generates a transaction authorization request to transmit to the issuer system 150. In certain example embodiments, one or more functions performed by the payment processing module 135 and/or account management system 130 may also be performed by the digital wallet application 115 and/or a web browser 117 application associated with the account management system 130.

An example acquirer system 140 interacts with the merchant system 160 and the issuer system 150 to process the payment. For example, the acquirer is a third party payment processing company. In an example embodiment, the transaction authorization request sent by the merchant system 160 to the issuer system 150 is routed through the acquirer system 140.

An example issuer system 150 maintains a financial account, such as a credit account, associated with the user 101. In an example embodiment, the issuer system 150 produces a payment card device 120 or causes a payment card device 120 to be produced that comprises payment card information associated with the user's 101 financial account. In an example embodiment, the issuer system 150 generates a shared secret that is saved on the payment card device 120. In the example embodiments described herein, the issuer system 150 may communicate with an acquirer system 140, the account management system 130, the user computing device 110, and/or the merchant system 160 via the network 170. In an example embodiment, the issuer system 150 verifies a cryptographic checksum calculated by the payment card device 120 using the shared secret associated with the payment card device 120 and the unpredictable number generated by the merchant system 160.

In an example embodiment, the issuer system 150 receives, from the merchant system 160, a transaction authorization request, a check sum generated by the payment card device 120, and an unpredictable number generated by the merchant system 160. In an example embodiment, the issuer system 150 approves the transaction based on the validity of the received check sum and any other relevant considerations for approving a transaction authorization request. In other example embodiments, the issuer system 150 denies a transaction authorization request. In an example embodiment, the issuer system 150 transmits a notice of approval or denial of the transaction authorization request to the merchant system 160, the account management system 130, and/or the user computing device 110. In an example embodiment, in response to approving the transaction authorization request, the issuer system 150 schedules a payment to a merchant system 160 account for the amount of the user 101 transaction and bills the user 101 for the transaction amount.

An example merchant system 160 comprises a data storage unit 163, a website 167, and a server 168.

An example data storage unit 163 comprises a local or remote data storage structure accessible to the merchant system 160 suitable for storing information. In an example embodiment, the data storage unit 163 stores encrypted information, such as HTML5 local storage.

An example website 167 comprises a merchant system 160 shopping website and allows users 101 to select one or more items for purchase on the website 167 and initiate an online digital wallet transaction with the merchant system 160 using a user's 101 digital wallet account associated with the account management system 130.

An example server 168 provides the content accessible by the user 101 through the web browser 113 or shopping application (not depicted) on the user computing device 110, including but not limited to html documents, images, style sheets, and scripts. In an example embodiment, the server 168 supports the merchant system's 160 website 167.

It will be appreciated that the network connections shown are example and other means of establishing a communications link between the computers and devices can be used. Moreover, those having ordinary skill in the art having the benefit of the present disclosure will appreciate that the user computing device 110, the payment card device 120, the account management system 130, the acquirer system 140, the issuer system 150, and the merchant system 160 illustrated in FIG. 1 can have any of several other suitable computer system configurations. For example, a user computing device 110 embodied as a mobile phone or handheld computer may or may not include all the components described above.

In example embodiments, the network computing devices and any other computing machines associated with the technology presented herein may be any type of computing machine such as, but not limited to, those discussed in more detail with respect to FIG. 8. Furthermore, any modules associated with any of these computing machines, such as modules described herein or any other modules (scripts, web content, software, firmware, or hardware) associated with the technology presented herein may be any of the modules discussed in more detail with respect to FIG. 8. The computing machines discussed herein may communicate with one another as well as other computer machines or communication systems over one or more networks, such as network 170. The network 170 may include any type of data or communications network, including any of the network technology discussed with respect to FIG. 8.

Example Processes

The example methods illustrated in FIGS. 2-7 are described hereinafter with respect to the components of the example operating environment 100. The example methods of FIGS. 2-7 may also be performed with other systems and in other environments.

FIG. 2 is a block diagram depicting a method 200 for generating a payment card device 120 comprising a shared secret known to an issuer system 150, in accordance with certain example embodiments. The method 200 is described with reference to the components illustrated in FIG. 1.

In block 210, the issuer system 150 receives a request to generate a payment card for a user 101. For example, a user 101 applies for a credit card, debit card, or other payment card device 120 with the issuer system 150 or an acquirer system or other system associated with the issuer system 150. For example, the user 101 submits an application for a credit card comprising user 101 demographic data such as the user's 101 name, annual income, annual expenses, estimated amount of debt, address, and any other useful or relevant information related to a credit card application. In another example embodiment, the user 101 already has a financial account associated with the issuer system 150 and the user 101 requests the issuer system 150 to generate a payment card device 120 or replacement payment card device 120 when a user 101 has lost a payment card device 120.

In block 220, the issuer system 150 generates financial account information and a payment card device 120 is manufactured. For example, the issuer system 150 approves the user's 101 application for a payment card device 120 and creates a financial account and payment card device 120 for the user 101. Example financial account information comprises a financial account number. In another example embodiment, the user 101 already has a financial account with the issuer system 150 and the issuer system 150 retrieves the financial account information associated with the user 101. In an example embodiment, the issuer system 150 generates payment card information associated with the manufactured payment card device 120 such as a payment card device 120 number, a card verification value (“CVC”), an expiration date, and/or other necessary information relevant to the user's 101 financial account with the issuer system 150 and/or payment card device 120. In an example embodiment, the issuer system 150 comprises a manufacturing facility and manufactures the payment card device 120. In an example embodiment, the issuer system 150 orders a payment card device 120 to be manufactured by another system.

In block 230, the issuer system 150 generates a shared secret and associates the shared secret with the financial account information and payment card device 130. In an example embodiment, the issuer system 150 comprises a database and stores in the database a record comprising the user's 101 name, financial account number, financial account information, payment card device 120 information, and the shared secret associated with the payment card device 120.

In block 240, the shared secret and financial account information are stored on the payment card device 120. In an example embodiment, the payment card device 120 comprises a secure element 124 or secure memory wherein the financial account information and shared secret are stored. An example shared secret comprises one or more strings of numbers, letters, and/or symbols.

In block 250, the user 101 receives the payment card device 120. In an example embodiment, the user 101 receives the payment card device 120 in the mail along with an approval of the user's 101 application for the payment card device 120.

FIG. 3 is a block diagram depicting a method 300 for verifying user 101 possession of a payment card device 120 during an online transaction, in accordance with certain example embodiments. The method 300 is described with reference to the components illustrated in FIG. 1.

In block 310, the user 101 establishes a digital wallet account with the account management system 130. The method for establishing a digital wallet account with the account management system 130 is described in more detail hereinafter with reference to the method described in FIG. 4.

FIG. 4 is a block diagram depicting a method 310 for establishing a digital wallet account with an account management system 130, in accordance with certain example embodiments. The method 310 is described with reference to the components illustrated in FIG. 1.

In block 410, the user 101 accesses an account management system 130 website. In an example embodiment, the user 101 accesses the account management system 130 website (not depicted) via the web browser 117 of the user computing device 110. For example, the user 101 enters the website address in the address bar of the web browser in order to access the website. In another example embodiment, the user 101 accesses the account management system 130 website using an application resident on the user computing device 110. For example, the user 101 selects an application on the user computing device 110 that connects the user 101 to the account management system 130 website.

In block 420, the user 101 establishes a digital wallet account with the account management system 120. In an example embodiment, the user 101 registers a username and a password associated with the user account to use to sign in to the digital wallet account. In an example embodiment, the user account is further associated with an email service, a messaging service, a gaming service, or a mapping service. In another example embodiment, the user account is associated with multiple services in addition to the digital wallet account. In an example embodiment, the user 101 may enter payment account information into the digital wallet account via the user computing device 110. For example, the user 101 may enter payment account information associated with one or more bank accounts, debit cards, credit cards, or other accounts into the digital wallet account using the user computing device 110.

In block 430, the user 101 downloads a digital wallet application 115 onto the user computing device 110. In an example embodiment, the digital wallet application 115 communicates with the account management system 130 over the network 170. In an example embodiment, the digital wallet application 115 is associated with the user 101 account and is operable to allow the user 101 to access the user account and/or services provided by the account management system 130. In another example embodiment, the user 101 may download various applications associated with the user account from the account management system 130. In another example embodiment, the digital wallet application 115 is downloaded on the user computing device 110 before the user 101 establishes the user account with the account management system 130. In certain example embodiments, the user 101 does not download the digital wallet application 115 onto the user computing device 110.

In block 440, the user 101 adds payment information associated with the payment card device 120 to the user's 101 digital wallet account via the digital wallet application 115. In an example embodiment, the user 101 accesses the digital wallet application 115 and selects an option on the digital wallet application 115 to add payment card device 120 information to the user's 101 digital wallet account. In an example embodiment, the digital wallet application 115 requests that the user 101 tap a payment card device 120 that the user 101 wishes to add to the user computing device 110. In an example embodiment, the user 101 taps the payment card device 120 to the user computing device 110. In this example embodiment, a wireless communication channel is established between the payment card device 120 and the user computing device 110. For example, a near-field communication (“NFC”), Wi-Fi, or Bluetooth wireless communication channel is established. In an example embodiment, the digital wallet application 115 operating on the user computing device transmits a request via the wireless communication channel to the payment card device 120 requesting payment account information from the payment card device 120. In an example embodiment, the payment card device 120 receives the request for payment account information and transmits payment account information to the user computing device 110.

In an example embodiment, the payment account information comprises financial account information associated with the payment card device 120. In an example embodiment, the payment account information comprises financial account information and account verification information. In an example embodiment, the financial account information comprises information for a credit account, debit account, bank account, or other form of financial account information. In another example embodiment, the payment account information comprises secure information contained in a secure memory, secure element 124, or secure sub-device of the payment card device 120 that conforms to a standardized protocol (such as a Europay, MasterCard, and VISA (EMV) protocol).

In another example embodiment, the user 101 selects an option on the digital wallet application 115 to manually enter payment account information from the payment card device 120 via the user interface 116. In this example embodiment, the user 101 may enter an account number, an expiration date, a zip code, a name, and/or any other appropriate payment account information associated with the payment card device 120.

From block 440, the method 310 proceeds to block 320 of FIG. 3.

Returning to FIG. 3, in block 320, the user 101 accesses a merchant system website 167 and initiates an online payment transaction. The method for accessing a merchant system website 167 and initiating an online payment transaction is described in more detail hereinafter with reference to the method 320 described in FIG. 5.

FIG. 5 is a block diagram depicting a method 320 for accessing a merchant system website 167 and initiating an online payment transaction, in accordance with certain example embodiments. The method 320 is described with reference to the components illustrated in FIG. 1.

In block 510, the user 101 accesses the merchant system website 167. In an example embodiment, the user 101 enters the merchant website 167 address into the web browser 117 of the user computing device 110 or otherwise accesses the merchant website 167 via the web browser 117. In an example, the user 101 actuates a user interface 116 object for a merchant system 160 advertisement on the web browser 117 and the web browser 117 redirects to the website 167. In another example embodiment, the user 101 accesses the merchant system website 167 via a merchant application (not shown) resident on the user computing device 110 that communicates with the merchant system 160 over the network 170. For example, the user 101 downloads the merchant application from the merchant system 160. An example merchant application may comprise a game application, a shopping application, or any other application that allows the user 101 to make online purchases via the merchant application.

In block 520, the user 101 selects one or more items for purchase on the merchant system website 167. For example, the user 101 selects one or more items on the website 167 and selects an option to add the items to a virtual shopping cart on the merchant system website 167.

In block 530, the user 101 selects an option to purchase using the user's 101 digital wallet account. For example, the user 101 actuates a user interface 116 object to select an option to checkout on the website 167. In an example embodiment, the merchant system website 167 displays one or more options for checkout. In this example embodiment, the merchant system website 167 may display an option for the user 101 to check out using the digital wallet account associated with the account management system 130. For example, the merchant system website 167 may display an option to pay via credit card, bank account, or digital wallet application.

In block 540, the digital wallet application 115 displays payment options to the user 101. In an example embodiment, the merchant system website 167 communicates transaction details to the user computing device 110 and/or the account management system 130 over the network 170. For example, transaction details may comprise a total amount of the transaction initiated by the user 101. In another example, the transaction details may further comprise a list of items and corresponding prices in the transaction, a merchant system 160 account number associated with a financial institution, and any other useful or relevant information that the account management system 130 and/or user computing device 110 digital wallet application 115 may use to process the user-initiated transaction. In this example embodiment, the account management system 130 and/or the user computing device 110 receives the transaction details transmitted by the merchant system website 167. For example, the account management system 130 receives the transaction details from the merchant system website 167 over the network 170 and communicates the transaction details to the user computing device 110 via the network 170. In an example embodiment, in response to receiving the transaction details from the merchant system 160, the digital wallet application 115 operating on the user computing device 110 displays one or more payment options of the user's 101 digital wallet account to the user 101 for selection by the user 101. For example, the user's 101 digital wallet account may comprise payment account information associated with one or more credit cards, including payment account information associated with the payment card device 120.

In another example embodiment, the merchant system 160 does not transmit transaction details to the account management system 130 or the user computing device 110. In this example embodiment, the merchant system 160, in response to receiving an indication of a user 101 selection of an option to check out using a digital wallet account on the merchant system website 167, transmits a request for payment account information to the account management system 130. In this example embodiment, in response to receiving the request for payment account information, the account management system 130 instructs the digital wallet application 115 operating on the user computing device 110 to display one or more payment options associated with the user's 101 digital wallet account to the user 101 for selection via the user computing device 110.

In block 550, the user 101 selects payment information corresponding to the payment card device 120 for use in the payment transaction. For example, the user 101 actuates one or more objects on the user interface 116 to select the payment information corresponding to the payment card device 120 on the digital wallet application 115.

In other example embodiments, the user 101 does not select payment information from a digital wallet application 115 for use in the payment transaction. In this example embodiment, the user 101 may select an option on the merchant system website 167 to pay using a payment card. For example, the user 101 selects an option to pay using a payment card associated with an issuer system 150 associated with the payment card device 120. In this example embodiment, the merchant system website 167 communicates to the account management system 130 the user's 101 selection to pay via a payment card associated with the issuer system 150.

From block 550, the method 320 proceeds to block 330 in FIG. 3.

Returning to FIG. 3, in block 330, the payment card device 120 receives an unpredictable number generated by the merchant system 160.

The method for receiving, on a payment card device 120, an unpredictable number generated by a merchant system 160 is described in more detail hereinafter with reference to the method 330 described in FIG. 6.

FIG. 6 is a block diagram depicting a method 330 for receiving, on a payment card device 120, an unpredictable number generated by a merchant system 160, in accordance with certain example embodiments. The method 330 is described with reference to the components illustrated in FIG. 1.

In block 610, the account management system 130 transmits a request for an unpredictable number to the merchant system 160. In an example embodiment, the merchant system 160 receives the request for an unpredictable number via the network 170.

In block 620, the merchant system 160 generates an unpredictable number. In an example embodiment, the merchant system 160 comprises a random number generator with which the merchant system 160 generates the unpredictable number. In an example embodiment, the merchant system 160 generates a data item. For example, the data item may comprise a random number or an unpredictable number. In this example embodiment, the data item may be any suitable data item that can be used by the payment card device 120 and/or issuer system 150, along with the shared secret, to create a cryptographic checksum. In the example embodiments described herein, functions performed using the unpredictable number may also be performed using the data item generated by the merchant system 160.
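The following added example (not code from the patent) models the challenge-response that block 620 and the issuer system 150 description set up: the card keys a checksum over the merchant's unpredictable number with the issuer-provisioned shared secret, and the issuer recomputes it. The page names no checksum algorithm and no bookkeeping for outstanding numbers, so HMAC-SHA-256, the 120-second lifetime, single-use tracking, the account number, and all class and method names are assumptions.

```python
import hashlib
import hmac
import secrets
import time

UN_TTL_SECONDS = 120  # assumed lifetime of an unpredictable number


def checksum(shared_secret, unpredictable_number):
    # Assumption: HMAC-SHA-256 stands in for the unspecified "cryptographic checksum".
    return hmac.new(shared_secret, unpredictable_number, hashlib.sha256).digest()


class Card:
    """Payment card device 120: holds the shared secret and answers a challenge."""

    def __init__(self, account_number, shared_secret):
        self.account_number = account_number
        self._secret = shared_secret  # would live in the secure element 124

    def respond(self, unpredictable_number):
        return self.account_number, checksum(self._secret, unpredictable_number)


class Issuer:
    """Issuer system 150: generates the secret at provisioning, verifies later."""

    def __init__(self):
        self._records = {}  # account number -> shared secret

    def provision_card(self, account_number):
        secret = secrets.token_bytes(32)  # CSPRNG output, never derived from card data
        self._records[account_number] = secret
        return Card(account_number, secret)

    def verify(self, account_number, unpredictable_number, received):
        secret = self._records.get(account_number)
        if secret is None:
            return False
        expected = checksum(secret, unpredictable_number)
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(expected, received)


class Merchant:
    """Merchant system 160: issues each number once and forwards the response."""

    def __init__(self, issuer, now=time.monotonic):
        self._issuer = issuer
        self._now = now
        self._outstanding = {}  # unpredictable number -> expiry time

    def new_unpredictable_number(self):
        un = secrets.token_bytes(16)
        self._outstanding[un] = self._now() + UN_TTL_SECONDS
        return un

    def authorize(self, unpredictable_number, account_number, received):
        # pop() makes the number single-use: a replayed response finds nothing.
        expiry = self._outstanding.pop(unpredictable_number, None)
        if expiry is None:
            return "denied: unknown or reused unpredictable number"
        if self._now() > expiry:
            return "denied: unpredictable number expired"
        if not self._issuer.verify(account_number, unpredictable_number, received):
            return "denied: checksum invalid"
        return "approved"


def demo():
    issuer = Issuer()
    card = issuer.provision_card("4000000000000002")  # constructed account number
    merchant = Merchant(issuer)

    un = merchant.new_unpredictable_number()
    account, response = card.respond(un)
    results = {"genuine tap": merchant.authorize(un, account, response)}

    # The same captured response presented again for the same number.
    results["replay, same number"] = merchant.authorize(un, account, response)

    # The captured response presented against a fresh number.
    fresh = merchant.new_unpredictable_number()
    results["replay, fresh number"] = merchant.authorize(fresh, account, response)

    # Card data copied without the shared secret cannot produce a valid checksum.
    copied = Card(account, secrets.token_bytes(32))
    un2 = merchant.new_unpredictable_number()
    results["copied card data"] = merchant.authorize(un2, *copied.respond(un2))
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

Only the genuine tap is approved; the replayed and copied-card cases are denied because the checksum binds the card's secret to one fresh merchant-generated number.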

In block 630, the merchant system 160 transmits the unpredictable number to the account management system 130. For example, the merchant system 160 transmits the unpredictable number over the network 170 to the account management system 130.

In block 640, the account management system 130 receives the unpredictable number and communicates the unpredictable number to the digital wallet application 115. In the example embodiments described herein, the digital wallet application 115 operating on the user computing device 110 communicates with the account management system 130 via the network 170. In an example embodiment, the account management system 130 communicates the unpredictable number to the digital wallet application 115 resident on the user computing device 110 over the network 170. In other example embodiments, the account management system 130 does not communicate the unpredictable number to the digital wallet application 115, but otherwise communicates the unpredictable number to the user computing device 110 so that the user computing device 110 may communicate the unpredictable number to the payment card device 110 via a wireless communication channel.

In block 650, the digital wallet application receives the unpredictable number. For example, the digital wallet application 115 operating on the user computing device 110 receives the unpredictable number from the payment processing system 130 via the network 170. In other example embodiments, the user computing device 110 otherwise receives the unpredictable number from the payment processing system 130 via the network 170.

In block 660, the digital wallet application displays on the user computing device 110 a request that the user 101 tap the payment card device 120 to the user computing device 110. For example, the digital wallet application 115 may display an instruction on the user interface 116 that reads “please tap the payment card you selected for use in this transaction.” In another example, the user computing device 110 displays an instruction that reads “please tap a payment card for use in this transaction.” In an example, the digital wallet application 115 and/or the user computing device 110 may display more detailed instructions that would enable a user 101 to understand how to tap a payment card to the user computing device 110.

In an example embodiment, in response to receiving the unpredictable number from the merchant system 160 via the payment processing system 130, the digital wallet application 115 activates a reader mode on the user computing device 110. In an example embodiment, the reader mode comprises configuring the user computing device 110 to be able to request, read, and/or receive payment account information from a payment card device 120. In an example embodiment, the digital wallet application 115 disables conflicting modes on the user computing device 110. In an example embodiment, the user computing device 110 is configured to share information with other devices when an NFC wireless communication channel is established between the user computing device 110 and the other devices. In another example embodiment, the user computing device 110 is configured to share information with other devices when a Bluetooth wireless communication channel or Wi-Fi wireless communication channel is established between the user computing device 110 and the other devices.

In an example embodiment, the user computing device 110 is able to receive and transmit information to the payment card device 120. However, in order to securely receive payment account information to process the payment transaction, this communication mode must be disabled to enable a “reader-only” communication mode. For example, automatic identification beaming may be configured on the user computing device 110 to share information with other reader mode devices in NFC proximity. This automatic identification beaming interferes with retrieving payment account information via the NFC wireless communication channel. Therefore, the automatic identification beaming functionality must be disabled when the user computing device 110 is configured to read payment account information via the NFC wireless communication channel. In an example embodiment, the digital wallet application 115 disables conflicting modes on the user computing device 110 in response to the activation of the reader mode. In another example embodiment, a conflicting mode enabling communication with other devices over a network 170 interferes with the ability of the user computing device 110 to establish the NFC wireless communication channel. For example, a user computing device 110 such as a mobile phone may be prevented from establishing or maintaining an NFC wireless communication channel with a payment card device 120 if it receives or sends information to other devices over a cellular network 170.

In block 670, the user 101 taps the payment card device 120 to the user computing device 110 to establish an NFC wireless communication channel. In an example embodiment, the user 101 arranges the physical locations and/or physical orientations of the payment card device 120 and/or the user computing device 110 so that the payment card device 120 and the user computing device 110 are within a threshold proximity necessary to establish and maintain an NFC communication channel. In an example embodiment, the required proximity distance between the devices (including devices 110 and 120) is defined by the type of RF wireless communication channel established. For example, NFC communication distances generally range from about three to about four inches. In an example embodiment, the user 101 “taps” the NFC-enabled payment card device 120 in the RF field of the user computing device 110 by moving the payment card device 120 within the predefined proximity of the user computing device 110. In an example embodiment, the predefined proximity is based at least in part on the strength of the generated RF field and/or the type of wireless communication used by the devices (including devices 110 and 120).

In an example embodiment, an NFC communication channel is established between the payment card device 120 and the user computing device 110 as a result of the user 101 tapping the payment card device 120 to the user computing device 110. In an example embodiment, the user computing device 110 detects the presence of the payment card device 120. In an example embodiment, the user computing device 110 detects when the payment card device 120 is moved into the RF field and/or moved within the predefined proximity of the user computing device 110. In another example embodiment, the payment card device 120 detects the user computing device 110. In an example embodiment, the detection of the physical proximity of the payment card device 120 ensures that the user computing device 110 is communicating with only one payment card device 120. In another example embodiment, the detection of the physical proximity of the payment card device 120 ensures that the payment card device 120 is physically present within the RF field generated by the user computing device 110.

In an example embodiment, the payment card device application 125 is activated by the RF field generated by the user computing device 110. In an example embodiment, the payment card device application 125 is activated when the payment card device 120 detects the RF field generated by the antenna 111 of the user computing device 110. In an example embodiment, an NFC-enabled tag or component of the payment card device 120 is activated and/or energized by the RF field generated by the user computing device 110.

In an example embodiment, user computing device 110 requests a secure communication channel with the payment card device 120. In an example embodiment, the user computing device digital wallet application 115 and the payment card device application 125 establish any number of protocols to enable a secure communication, including but not limited to NFC protocols. In an example embodiment, the user computing device 110 and the payment card device 120 exchange a key to set up a secure wireless communication channel.

In an example embodiment, the payment card device 120 receives the secure communication channel request. In another example embodiment, the user computing device 110 receives the communication channel network request from the payment card device 120. In an example embodiment, the payment card device 120 accepts the secure communication channel request. In another example embodiment, the user computing device 110 accepts the secure communication channel request. In an example embodiment, during this process, the payment card device 120 and the user computing device 110 establish a secure communication relationship by creating an encryption key for use in encrypting communications between the devices (including devices 110 and 120). In an example embodiment, the payment card device 120 does not accept the secure communication channel request from user computing devices 110 if the user computing device 110 does not have a required certificate within its secure element 114. For example, a payment card device 120 only accepts secure communication channel requests from a requesting digital wallet application 115 on a user computing device 110 that has a certificate from the financial institution associated with the payment card device 120. In another example embodiment, the payment card device 120 determines whether to accept the secure communication channel request by determining whether the user computing device 110 and/or the digital wallet application 115 has access to proper public keys or tokens. In yet another example embodiment, the user computing device 110 makes this determination.

In block 680, the user computing device 110 transmits the unpredictable number to the payment card device 120 via the wireless communication channel. In an example embodiment, the original NFC wireless communication channel established before the user computing device 110 receives payment card information is maintained between the user computing device 110 and the payment card device 120.

In block 690, the payment card device 120 receives the unpredictable number. In an example embodiment, the payment card device application 125 stores the unpredictable number on the secure element 124 and/or the data storage unit 123 on the payment card device 120.

From block 690, the method 330 proceeds to block 340 in FIG. 3.

Returning to FIG. 3, in block 340, the payment card device application 125 calculates a cryptographic checksum using the shared secret and the unpredictable number. In an example embodiment, the payment card device application 125 comprises an algorithm that is utilized to calculate the cryptographic checksum using the shared secret and the unpredictable number. In this example embodiment, the issuer system 150 configures the application 125 or causes the application 125 to be configured to calculate a cryptographic checksum in response to receiving an unpredictable number generated by a merchant system 160.

In an example embodiment, the application 125 uses a mathematical algorithm to calculate the cryptographic checksum based on the shared secret and the unpredictable number. In another example embodiment, the application 125 rearranges, combines, and/or transforms elements of the unpredictable number and shared secret to produce the cryptographic checksum. In yet another example embodiment, the shared secret comprises a mathematical function and the cryptographic checksum comprises an output of the function when the unpredictable number is the input of the function. In an example embodiment, the application 125 uses a cryptographic algorithm, such as a triple data encryption standard algorithm (“3DES”), to compute the checksum based on the shared secret and unpredictable number. In an example embodiment, the shared secret comprises an encryption key used to encrypt data.

In block 350, the issuer system 150 verifies the cryptographic checksum received in a payment authorization request from the merchant system 160. The method for verifying a payment card device 120 via a cryptographic checksum is described in more detail hereinafter with reference to the method 350 described in FIG. 7.

FIG. 7 is a block diagram depicting a method 350 for verifying a payment card device 120 via a cryptographic checksum, in accordance with certain example embodiments. The method 350 is described with reference to the components illustrated in FIG. 1.

In block 710, the payment card device 120 transmits the cryptographic checksum to the user computing device 110 via the NFC wireless communication channel.

In block 720, the user computing device 110 receives the cryptographic checksum. For example, the user computing device 110 receives the cryptographic checksum via the NFC wireless communication channel. In an example embodiment, the user computing device 110 communicates the cryptographic checksum to the account management system 130 via the network 170.

In block 730, the account management system 130 transmits the cryptographic checksum and payment card information to the merchant system 160. In an example embodiment, the account management system 130 retrieves the payment card information associated with the payment card device 120 that the user 101 uploaded into the digital wallet account at a previous time. In another example embodiment, the account management system 130 receives payment card information transmitted from the payment card device 120 to the user computing device 110 along with the cryptographic checksum. In an example embodiment, the account management system 130 transmits the cryptographic checksum and payment card information to the merchant system 160 via the network 170.

In block 740, the merchant system 160 receives the cryptographic checksum and the payment card information. For example, the merchant system 160 receives the cryptographic checksum and the payment card information from the account management system 130 via the network 170.

In block 750, the merchant system 160 transmits a payment authorization request to the issuer system 150 comprising the cryptographic checksum, the unpredictable number, and payment card information. In an example embodiment, in addition to comprising the cryptographic checksum, the unpredictable number, and the payment card information, the transaction authorization request further comprises the total currency amount of the transaction, an account number of the merchant system, and any other relevant information for the transaction. In an example embodiment, the merchant system 160 first generates the payment authorization request before transmitting the payment authorization request to the issuer system 150.

In certain other example embodiments, the merchant system 160 transmits a payment authorization request generated by the account management system 130. For example, the account management system 130 received the total amount, the merchant system 160 account number, and other relevant information from the merchant system website 167 or merchant system 160 when the user 101 initiated the transaction. In this example, the account management system 130 generates a payment authorization request comprising the cryptographic checksum, the unpredictable number, and the payment card information. Additionally, the payment authorization request may further comprise the total transaction amount and a merchant system 160 account number. In this example embodiment, the account management system 130 transmits the generated payment authorization request to the merchant system 160 over the network 170 and the merchant system 160 forwards the payment authorization request to the issuer system 150.

In block 760, the issuer system 150 receives the payment authorization request. For example, the issuer system 150 receives the payment authorization request from the merchant system 160 via the network 170. In an example embodiment, the issuer system 150 extracts the cryptographic checksum, the unpredictable number, and the payment card information from the received payment authorization request. In an example embodiment, the issuer system 150 retrieves the shared secret associated with the payment card information. In an example embodiment, the issuer system 150 accesses a database wherein shared secrets are associated with corresponding payment card information and other relevant information for user 101 financial accounts with the issuer system 150.

In block 770, the issuer system 150 calculates a cryptographic checksum associated with the payment information using a stored shared secret and the received unpredictable number. In an example embodiment, the issuer system 150 calculates the cryptographic checksum in the same manner as the payment card device 120 calculated the cryptographic checksum as described in block 340 of FIG. 3. For example, the issuer system 150 uses a mathematical algorithm to calculate the cryptographic checksum based on the shared secret and the unpredictable number. In another example embodiment, the issuer system 150 rearranges, combines, and/or transforms elements of the unpredictable number and shared secret to produce the cryptographic checksum. In yet another example embodiment, the shared secret comprises a mathematical function and the cryptographic checksum comprises an output of the function when the unpredictable number is the input of the function. For example, the shared secret comprises a cryptographic algorithm, such as a triple data encryption standard algorithm (“3DES”), to compute the checksum.

In block 780, the issuer system 150 compares the calculated cryptographic checksum to the cryptographic checksum generated by the payment card device 120. In an example embodiment, the issuer system 150 compares each number, symbol, letter, and/or character of the two cryptographic checksums to determine the similarity between the two cryptographic checksums.

From block 780, the method 350 proceeds to block 360 in FIG. 3.

Returning to FIG. 3, in block 360, the issuer system 150 determines if the calculated cryptographic checksum matches the received cryptographic checksum. In an example embodiment, a match comprises an exact match between the two cryptographic checksums. In another example embodiment, a match comprises an exact match of at least a part or component of the two cryptographic checksums. For example, the issuer system 150 compares each number, symbol, letter, and/or character of the two cryptographic checksums to determine the similarity between the two cryptographic checksums.

If the cryptographic checksum calculated by the issuer system 150 does not match the received cryptographic checksum, the method 300 proceeds to block 370. For example, one or more of each number, symbol, letter, and/or character of the checksum calculated by the issuer system 150 does not match the corresponding number, symbol, letter, and/or character of the received cryptographic checksum.

In block 370, the issuer system 150 denies the payment authorization request and transmits a notice of declined payment authorization to the merchant system 160. In another example embodiment, the issuer system 150 transmits a notice of denial of payment authorization request to the account management system 130 over the network 170. In another example embodiment, the issuer system 150 transmits the notice of denial of payment authorization request to the user computing device 110 over the network 170. In an example embodiment, the issuer system 150, even if the two cryptographic checksums match, may deny the transaction authorization request based on the user's 101 account balance or credit balance associated with the payment card device 120 or a transaction history associated with the payment card device 120. For example, the issuer system 150 may deny the transaction authorization request if the user 101 has exceeded an allowed credit balance even if the token is valid and the received user computing device 110 identifier matches the user computing device 110 identifier associated with the token.

In block 390, the merchant system 160 transmits a receipt to the user computing device 110. In an example embodiment, in response to receiving a notice of declined payment authorization from the issuer system 150, the merchant system 160 transmits a receipt comprising notification that the transaction was declined to the user computing device 110 and/or the account management system 130. In an example embodiment, if the account management system 130 receives the receipt from the merchant system 160, the account management system 130 instructs the digital wallet application 115 to display the receipt to the user 101 on the user computing device 110.

Returning to block 360, if the cryptographic checksum calculated by the issuer system 150 matches the received cryptographic checksum, the method 300 proceeds to block 380. For example, each number, symbol, letter, and/or character of the checksum calculated by the issuer system 150 matches the corresponding number, symbol, letter, and/or character of the received cryptographic checksum.

In block 380, the issuer system 150 approves the payment authorization request and transmits a notice of approved payment authorization to the merchant system 160. In an example embodiment, the issuer system 150 may approve the transaction authorization request further based on the user's 101 account balance or credit balance associated with the payment card device 120 or a transaction history associated with the payment card device 120. For example, the issuer system 150 may approve the transaction authorization request only if the user 101 has not exceeded an allowed credit balance. In an example embodiment, the issuer system 150, upon approval of the transaction authorization request, charges the user's 101 financial account with the issuer system 150 and schedules a payment to the merchant system 160 account identified in the received transaction authorization request. In an example embodiment, the issuer system 150 bills the user 101 for the transaction amount and the user 101 makes a payment to the issuer system 150 at a later time to satisfy the transaction amount balance on the user's 101 financial account. For example, the user 101 receives a statement for a credit account associated with the issuer system 150 for the payment card device 120 associated with the token that the user 101 used in the transaction.
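The checksum round trip of blocks 340 and 760 through 380, as an added sketch that is not code from the patent: the card computes a keyed checksum over the merchant's unpredictable number, and the issuer recomputes it and compares. HMAC-SHA256 stands in for the 3DES option named above, and the account label, the 4-byte challenge length and the issuer-side reuse check are assumptions of this example; the comparison shown is the exact-match embodiment, done in constant time.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

APPROVED = "approved"
DECLINED_UNKNOWN = "declined: unknown account"
DECLINED_MISMATCH = "declined: checksum mismatch"
DECLINED_REPLAY = "declined: unpredictable number already used"


def new_unpredictable_number(length: int = 4) -> bytes:
    """Merchant system 160: fresh challenge from a CSPRNG (length is assumed)."""
    return secrets.token_bytes(length)


def compute_checksum(shared_secret: bytes, unpredictable_number: bytes) -> bytes:
    """Blocks 340 and 770: keyed checksum over the unpredictable number.

    HMAC-SHA256 is a stand-in chosen for this sketch, not the patent's algorithm.
    """
    return hmac.new(shared_secret, unpredictable_number, hashlib.sha256).digest()


@dataclass
class PaymentCard:
    """Payment card device 120: the secret never leaves the card, only the checksum."""
    account: str
    shared_secret: bytes

    def respond(self, unpredictable_number: bytes) -> tuple[str, bytes]:
        checksum = compute_checksum(self.shared_secret, unpredictable_number)
        return self.account, checksum


@dataclass
class Issuer:
    """Issuer system 150: holds the shared secret for each account."""
    secrets_by_account: dict[str, bytes]
    used: set[tuple[str, bytes]] = field(default_factory=set)

    def authorize(self, account: str, unpredictable_number: bytes,
                  received_checksum: bytes) -> str:
        # Block 760: look up the shared secret for the payment information.
        secret = self.secrets_by_account.get(account)
        if secret is None:
            return DECLINED_UNKNOWN
        # Block 770: recompute the checksum the same way the card did.
        expected = compute_checksum(secret, unpredictable_number)
        # Blocks 780/360: exact match over the full length. compare_digest
        # runs in constant time and returns False for a shorter value, so a
        # prefix of the right checksum does not pass.
        if not hmac.compare_digest(expected, received_checksum):
            return DECLINED_MISMATCH
        # Assumption of this sketch: a challenge is accepted once per account,
        # so a captured (number, checksum) pair cannot be presented again.
        key = (account, unpredictable_number)
        if key in self.used:
            return DECLINED_REPLAY
        self.used.add(key)
        return APPROVED  # block 380; balance and history checks would follow


def demo() -> list[str]:
    """Run one genuine tap, one replay, and one attempt without the card."""
    secret = secrets.token_bytes(16)       # constructed shared secret
    account = "ACCOUNT-CONSTRUCTED-0001"   # constructed placeholder
    card = PaymentCard(account, secret)
    issuer = Issuer({account: secret})

    challenge = new_unpredictable_number()
    acct, checksum = card.respond(challenge)
    results = [
        issuer.authorize(acct, challenge, checksum),   # card was tapped
        issuer.authorize(acct, challenge, checksum),   # same pair again
    ]
    # Account data alone, no card: the checksum cannot be produced.
    results.append(issuer.authorize(account, new_unpredictable_number(), bytes(32)))
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```
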

In block 390, the merchant system 160 transmits a receipt to the user computing device 110. In an example embodiment, in response to receiving a notice of approved payment authorization from the issuer system 150, the merchant system 160 transmits a receipt comprising notification that the transaction was successful to the user computing device 110 and/or the account management system 130. In an example embodiment, if the account management system 130 receives the receipt from the merchant system 160, the account management system 130 instructs the digital wallet application 115 to display the receipt to the user 101 on the user computing device 110.

In certain example embodiments, the account management system 130 maintains a transaction history for the user 101 on the user's digital wallet account and the account management system 130 updates the user's 101 transaction history upon receiving the notice of approval of the transaction authorization request. In an example embodiment, the account management system 130 notifies the merchant system website 167 that the transaction was successful. In an example embodiment, the merchant system website 167 notifies the user 101 via email, text message, or other means that the transaction was successful and provides relevant transaction details. In another example embodiment, the merchant system website 167 notifies the user 101 that the transaction was successful and provides relevant transaction details via email, via text message, or via other means.

In an example embodiment, the account management system transmits the receipt to the digital wallet application 115 or via email or text message to the user computing device 110. In an example embodiment, in which the issuer system 150 approved the transaction authorization request, the receipt comprises a summary of the transaction or a notice to check the user's 101 transaction history in the user's 101 digital wallet account for a summary of the transaction. For example, the user 101 receives a notification on the digital wallet application 115 to check the user's 101 transaction history. In other example embodiments, in which the issuer system 150 denied the transaction authorization request, the receipt comprises notification to the user 101 that the transaction was unsuccessful.

In certain example embodiments wherein the user 101 transacts with the merchant system website 167, the user computing device 110 web browser 117 may be re-directed to the merchant website 167 after a transaction authorization request is approved or denied. For example, the merchant website 167 may display its own receipt on the merchant system website 167. For example, the receipt may comprise a summary of the user's 101 order and shipping information.

Other Example Embodiments

FIG. 8 depicts a computing machine 2000 and a module 2050 in accordance with certain example embodiments. The computing machine 2000 may correspond to any of the various computers, servers, mobile devices, embedded systems, or computing systems presented herein. The module 2050 may comprise one or more hardware or software elements configured to facilitate the computing machine 2000 in performing the various methods and processing functions presented herein. The computing machine 2000 may include various internal or attached components such as a processor 2010, system bus 2020, system memory 2030, storage media 2040, input/output interface 2060, and a network interface 2070 for communicating with a network 2080.

The computing machine 2000 may be implemented as a conventional computer system, an embedded controller, a laptop, a server, a mobile device, a smartphone, a set-top box, a kiosk, a vehicular information system, one or more processors associated with a television, a customized machine, any other hardware platform, or any combination or multiplicity thereof. The computing machine 2000 may be a distributed system configured to function using multiple computing machines interconnected via a data network or bus system.

The processor 2010 may be configured to execute code or instructions to perform the operations and functionality described herein, manage request flow and address mappings, and to perform calculations and generate commands. The processor 2010 may be configured to monitor and control the operation of the components in the computing machine 2000. The processor 2010 may be a general purpose processor, a processor core, a multiprocessor, a reconfigurable processor, a microcontroller, a digital signal processor (“DSP”), an application specific integrated circuit (“ASIC”), a graphics processing unit (“GPU”), a field programmable gate array (“FPGA”), a programmable logic device (“PLD”), a controller, a state machine, gated logic, discrete hardware components, any other processing unit, or any combination or multiplicity thereof. The processor 2010 may be a single processing unit, multiple processing units, a single processing core, multiple processing cores, special purpose processing cores, co-processors, or any combination thereof. According to certain embodiments, the processor 2010 along with other components of the computing machine 2000 may be a virtualized computing machine executing within one or more other computing machines.

The system memory 2030 may include non-volatile memories such as read-only memory (“ROM”), programmable read-only memory (“PROM”), erasable programmable read-only memory (“EPROM”), flash memory, or any other device capable of storing program instructions or data with or without applied power. The system memory 2030 may also include volatile memories such as random access memory (“RAM”), static random access memory (“SRAM”), dynamic random access memory (“DRAM”), and synchronous dynamic random access memory (“SDRAM”). Other types of RAM also may be used to implement the system memory 2030. The system memory 2030 may be implemented using a single memory module or multiple memory modules. While the system memory 2030 is depicted as being part of the computing machine 2000, one skilled in the art will recognize that the system memory 2030 may be separate from the computing machine 2000 without departing from the scope of the subject technology. It should also be appreciated that the system memory 2030 may include, or operate in conjunction with, a non-volatile storage device such as the storage media 2040.

The storage media 2040 may include a hard disk, a floppy disk, a compact disc read only memory (“CD-ROM”), a digital versatile disc (“DVD”), a Blu-ray disc, a magnetic tape, a flash memory, other non-volatile memory device, a solid state drive (“SSD”), any magnetic storage device, any optical storage device, any electrical storage device, any semiconductor storage device, any physical-based storage device, any other data storage device, or any combination or multiplicity thereof. The storage media 2040 may store one or more operating systems, application programs and program modules such as module 2050, data, or any other information. The storage media 2040 may be part of, or connected to, the computing machine 2000. The storage media 2040 may also be part of one or more other computing machines that are in communication with the computing machine 2000 such as servers, database servers, cloud storage, network attached storage, and so forth.

The module 2050 may comprise one or more hardware or software elements configured to facilitate the computing machine 2000 with performing the various methods and processing functions presented herein. The module 2050 may include one or more sequences of instructions stored as software or firmware in association with the system memory 2030, the storage media 2040, or both. The storage media 2040 may therefore represent examples of machine or computer readable media on which instructions or code may be stored for execution by the processor 2010. Machine or computer readable media may generally refer to any medium or media used to provide instructions to the processor 2010. Such machine or computer readable media associated with the module 2050 may comprise a computer software product. It should be appreciated that a computer software product comprising the module 2050 may also be associated with one or more processes or methods for delivering the module 2050 to the computing machine 2000 via the network 2080, any signal-bearing medium, or any other communication or delivery technology. The module 2050 may also comprise hardware circuits or information for configuring hardware circuits such as microcode or configuration information for an FPGA or other PLD.

The input/output (“I/O”) interface 2060 may be configured to couple to one or more external devices, to receive data from the one or more external devices, and to send data to the one or more external devices. Such external devices along with the various internal devices may also be known as peripheral devices. The I/O interface 2060 may include both electrical and physical connections for operably coupling the various peripheral devices to the computing machine 2000 or the processor 2010. The I/O interface 2060 may be configured to communicate data, addresses, and control signals between the peripheral devices, the computing machine 2000, or the processor 2010. The I/O interface 2060 may be configured to implement any standard interface, such as small computer system interface (“SCSI”), serial-attached SCSI (“SAS”), fiber channel, peripheral component interconnect (“PCI”), PCI express (PCIe), serial bus, parallel bus, advanced technology attached (“ATA”), serial ATA (“SATA”), universal serial bus (“USB”), Thunderbolt, FireWire, various video buses, and the like. The I/O interface 2060 may be configured to implement only one interface or bus technology. Alternatively, the I/O interface 2060 may be configured to implement multiple interfaces or bus technologies. The I/O interface 2060 may be configured as part of, all of, or to operate in conjunction with, the system bus 2020. The I/O interface 2060 may include one or more buffers for buffering transmissions between one or more external devices, internal devices, the computing machine 2000, or the processor 2010.

The I/O interface 2060 may couple the computing machine 2000 to various input devices including mice, touch-screens, scanners, electronic digitizers, sensors, receivers, touchpads, trackballs, cameras, microphones, keyboards, any other pointing devices, or any combinations thereof. The I/O interface 2060 may couple the computing machine 2000 to various output devices including video displays, speakers, printers, projectors, tactile feedback devices, automation control, robotic components, actuators, motors, fans, solenoids, valves, pumps, transmitters, signal emitters, lights, and so forth.

The computing machine 2000 may operate in a networked environment using logical connections through the network interface 2070 to one or more other systems or computing machines across the network 2080. The network 2080 may include wide area networks (WAN), local area networks (LAN), intranets, the Internet, wireless access networks, wired networks, mobile networks, telephone networks, optical networks, or combinations thereof. The network 2080 may be packet switched, circuit switched, of any topology, and may use any communication protocol. Communication links within the network 2080 may involve various digital or analog communication media such as fiber optic cables, free-space optics, waveguides, electrical conductors, wireless links, antennas, radio-frequency communications, and so forth.

The processor 2010 may be connected to the other elements of the computing machine 2000 or the various peripherals discussed herein through the system bus 2020. It should be appreciated that the system bus 2020 may be within the processor 2010, outside the processor 2010, or both. According to some embodiments, any of the processor 2010, the other elements of the computing machine 2000, or the various peripherals discussed herein may be integrated into a single device such as a system on chip (“SOC”), system on package (“SOP”), or ASIC device.

In situations in which the systems discussed here collect personal information about users, or may make use of personal information, the users may be provided with an opportunity or option to control whether programs or features collect user information (e.g., information about a user's social network, social actions or activities, profession, a user's preferences, or a user's current location), or to control whether and/or how to receive content from the content server that may be more relevant to the user. In addition, certain data may be treated in one or more ways before it is stored or used, so that personally identifiable information is removed. For example, a user's identity may be treated so that no personally identifiable information can be determined for the user, or a user's geographic location may be generalized where location information is obtained (such as to a city, ZIP code, or state level), so that a particular location of a user cannot be determined. Thus, the user may have control over how information is collected about the user and used by a content server.

Embodiments may comprise a computer program that embodies the functions described and illustrated herein, wherein the computer program is implemented in a computer system that comprises instructions stored in a machine-readable medium and a processor that executes the instructions. However, it should be apparent that there could be many different ways of implementing embodiments in computer programming, and the embodiments should not be construed as limited to any one set of computer program instructions. Further, a skilled programmer would be able to write such a computer program to implement an embodiment of the disclosed embodiments based on the appended flow charts and associated description in the application text. Therefore, disclosure of a particular set of program code instructions is not considered necessary for an adequate understanding of how to make and use embodiments. Further, those skilled in the art will appreciate that one or more aspects of embodiments described herein may be performed by hardware, software, or a combination thereof, as may be embodied in one or more computing systems. Moreover, any reference to an act being performed by a computer should not be construed as being performed by a single computer as more than one computer may perform the act.

The example embodiments described herein can be used with computer hardware and software that perform the methods and processing functions described herein. The systems, methods, and procedures described herein can be embodied in a programmable computer, computer-executable software, or digital circuitry. The software can be stored on computer-readable media. For example, computer-readable media can include a floppy disk, RAM, ROM, hard disk, removable media, flash memory, memory stick, optical media, magneto-optical media, CD-ROM, etc. Digital circuitry can include integrated circuits, gate arrays, building block logic, field programmable gate arrays (FPGA), etc.

The example systems, methods, and acts described in the embodiments presented previously are illustrative, and, in alternative embodiments, certain acts can be performed in a different order, in parallel with one another, omitted entirely, and/or combined between different example embodiments, and/or certain additional acts can be performed, without departing from the scope and spirit of various embodiments. Accordingly, such alternative embodiments are included in the scope of the following claims, which are to be accorded the broadest interpretation so as to encompass such alternate embodiments.

Although specific embodiments have been described above in detail, the description is merely for purposes of illustration. It should be appreciated, therefore, that many aspects described above are not intended as required or essential elements unless explicitly stated otherwise. Modifications of, and equivalent components or acts corresponding to, the disclosed aspects of the example embodiments, in addition to those described above, can be made by a person of ordinary skill in the art, having the benefit of the present disclosure, without departing from the spirit and scope of embodiments defined in the following claims, the scope of which is to be accorded the broadest interpretation so as to encompass such modifications and equivalent structures.

What is claimed is:
 1. A computer-implemented method to verify user possession of payment card devices associated with payment information used in online transactions, comprising: transmitting, by a user computing device and to an online merchant system, an unpredictable number request in response to receiving an input initiating an online transaction with the online merchant system; receiving, by the user computing device and from the online merchant system, an unpredictable number generated by the online merchant system; in response to receiving the unpredictable number from the online merchant system, displaying, by the user computing device, a request to initiate a tap with the user computing device; detecting, by the user computing device, the tap of a payment card device to the user computing device; in response to detecting the tap, establishing, by the user computing device and with the payment card device, a wireless communication channel; transmitting, by the user computing device and to the payment card device via the wireless communication channel, the unpredictable number; accessing, by an application on the payment card device, a first shared secret stored on a secure memory of the payment card device; calculating, by the application on the payment card device, a first check sum based on the unpredictable number and the first shared secret stored on the secure memory of the payment card device; receiving, by the user computing device and from the payment card device, the check sum and payment account information stored on the payment card device; transmitting, by the user computing device and to the online merchant system, the check sum and the payment account information; transmitting, by the online merchant system, a payment authorization request comprising the check sum, the unpredictable number, and the payment account information to an issuer system associated with the payment account information; calculating, by the issuer system, a second check sum based on the received unpredictable number and a second shared secret stored by the issuer system and associated with the payment card device; and approving, by the issuer system, the payment authorization request if the first and second check sums match.
 2. The method of claim 1, wherein the user computing device transmits the unpredictable number request, receives the unpredictable number, and transmits the check sum and the payment account information to the online merchant system via a merchant system application operating on the user computing device.
 3. The method of claim 1, wherein the user computing device transmits the unpredictable number request, receives the unpredictable number, and transmits the check sum and the payment account information to the online merchant system via one or more computing devices of an account management system associated with a digital wallet account of the user.
 4. The method of claim 1, wherein the user computing device communicates with the payment card device via near field communication, communication via ultra high frequency radio waves, or Wi-Fi communication protocols.
 5. The method of claim 1, further comprising: approving, by the issuer system, the payment authorization request; transmitting, by the issuer system, a notification of approval of the payment authorization request to the online merchant system; receiving, by the user computing device and from the online merchant system, a receipt comprising a notification of an approved payment transaction; and displaying, by the user computing device, the receipt to the user.
 6. The method of claim 1, further comprising generating, by the issuer system at a time before the user initiates the transaction with the online merchant system, the payment card device comprising the first shared secret, wherein the first shared secret is identical to the second shared secret stored by the issuer system and associated with the payment card device.
 7. A system to verify user possession of payment card devices associated with payment information used in online transactions, comprising: a user computing device; a payment card device; and an issuer system computing device, the user computing device comprising a storage device and a processor communicatively coupled to the storage device, wherein the processor executes application code instructions that are stored in the storage device to cause the user computing device to: transmit, to an online merchant system, an unpredictable number request in response to receiving an input initiating an online transaction with the online merchant system; receive, from the online merchant system, an unpredictable number generated by the online merchant system; in response to receiving the unpredictable number from the online merchant system, display a request to initiate a tap with the user computing device; detect the tap of the payment card device to the user computing device; in response to detecting the tap, establish, with the payment card device, a wireless communication channel; transmit, to the payment card device via the wireless communication channel, the unpredictable number; receive, from the payment card device, a check sum and payment account information stored on the payment card device; and transmit, to the online merchant system, the check sum and the payment account information along with a request to transmit a payment authorization request comprising the check sum, the unpredictable number, and the payment account information to the issuer system associated with the payment account information; the payment card device comprising a second storage device, a secure element, and a second processor communicatively coupled to the second storage device and the secure element, wherein the second processor executes application code instructions that are stored in the second storage device to cause the payment card device to: receive the unpredictable number from the user computing device via the wireless communication channel; access, using an application on the payment card device, a first shared secret stored on the secure element; calculate, using the application on the payment card device, the first check sum based on the unpredictable number and the first shared secret stored on the secure element; and transmit the first check sum to the user computing device via the wireless communication channel; and the issuer system computing device comprising a third storage device and a third processor communicatively coupled to the third storage device, wherein the third processor executes application code instructions that are stored in the third storage device to cause the issuer system computing device to: receive a payment authorization request and the unpredictable number and the first checksum from the online merchant system; calculate a second check sum based on the received unpredictable number and a second shared secret stored on the third storage device; and approve the payment authorization request if the first and second check sums match.
 8. The system of claim 7, wherein the unpredictable number request is transmitted, the unpredictable number is received, and the check sum and the payment account information are communicated to the online merchant system via one or more computing devices of an account management system associated with a digital wallet account of the user.
 9. The system of claim 7, wherein communication with the payment card device is via near field communication, communication via ultra high frequency radio waves, or Wi-Fi communication protocols.
 10. The system of claim 7, further comprising: approving, by the issuer system, the payment authorization request; transmitting, by the issuer system, a notification of approval of the payment authorization request to the online merchant system; receiving, by the user computing device, from the online merchant system, a receipt comprising a notification of an approved payment transaction; displaying, by the user computing device, the receipt.
 11. The system of claim 7, wherein, at a time before the user initiates the transaction with the online merchant system, the issuer system generates the payment card device comprising the first shared secret, wherein the first shared secret is identical to the second shared secret stored by the issuer system and associated with the payment card device.
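
The challenge-response exchange recited in claims 1 and 7, modelled end to end as an added example that is not part of the patent text. Assumptions: HMAC-SHA256 stands in for the unspecified "check sum", the unpredictable number is 16 random bytes, the merchant's single-use bookkeeping is an addition, and all class and method names are hypothetical.

```python
import hashlib
import hmac
import secrets

def check_sum(shared_secret, unpredictable_number):
    # Assumption: HMAC-SHA256 stands in for the "check sum" the claims leave open.
    return hmac.new(shared_secret, unpredictable_number, hashlib.sha256).digest()

class PaymentCard:
    def __init__(self, pan, shared_secret):
        self.pan = pan
        self._secret = shared_secret  # first shared secret (secure memory)

    def tap(self, unpredictable_number):
        # Only account data and the check sum leave the card, never the secret.
        return self.pan, check_sum(self._secret, unpredictable_number)

class Issuer:
    def __init__(self):
        self._secrets = {}  # PAN -> second shared secret

    def issue_card(self, pan):
        self._secrets[pan] = secrets.token_bytes(32)
        return PaymentCard(pan, self._secrets[pan])

    def authorize(self, pan, un, received):
        secret = self._secrets.get(pan)
        # Recompute the second check sum and compare in constant time.
        return secret is not None and hmac.compare_digest(check_sum(secret, un), received)

class Merchant:
    def __init__(self, issuer):
        self.issuer = issuer
        self._outstanding = set()  # unpredictable numbers issued but not yet used

    def new_unpredictable_number(self):
        un = secrets.token_bytes(16)
        self._outstanding.add(un)
        return un

    def checkout(self, un, pan, received):
        # Single-use rule (assumption added here): unknown or reused numbers fail.
        if un not in self._outstanding:
            return False
        self._outstanding.discard(un)
        return self.issuer.authorize(pan, un, received)
```

The call order mirrors the claims: `new_unpredictable_number()`, then `tap()`, then `checkout()`. Because the issuer in the claims receives the unpredictable number from the merchant inside the authorization request, freshness depends on the merchant side, which is why the single-use bookkeeping sits there.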